I’m looking for research info for the purposes of a fictional novel and not sure if I’ve ended up in the right place. If not, I’m hoping someone could point me in the right direction.

I’m told that any system can be hacked into so based on that premise here is my scenario.Someone is hacking into an Alarm company system after they have installed alarm systems in homes or business then drops in a virus that tells the system if there is an emergency (fire, break in etc.) not to respond. After the system malfunctions same person drops in another virus to delete the first virus so there are no record of the malfunction.

Therefore, the system looks/appears to be fine and everyone at the alarm company scrambling trying to find the hacker.

Question:1) Is this scenario possible?2) If so, can someone give me a general idea of how it can be done? 3) What kind of educational background would someone need to do this?4) How would they catch the hacker?

1) Potentially, but it would be difficult without inside knowledge of the monitoring software used by the alarm company.

2) This would likely involve some sort of custom malware to subvert the monitoring software, as well a policing up any logs that the software kept. No need for multiple items of malware, the original should be able to delete itself if needed.

3) Programming to write the malware, likely some admin experience with the systems in question. Possibly some hacking or pen testing (maybe social engineering) experience to get things in place cleanly.

4) Some sort of flaw in the malware that caused it to misbehave and call attention to itself, and/or some sort of unintentional residual information left behind in the system.

1,2) He would either need to have inside knowledge or have a copy of the software. He could hack in and get the source code for the software. Might make your bad guy a little more ominous.

3) There are a lot of smart IT people that don't have a college background so this could vary quite wildly.

4) If he published the source code (see milw0rm.com) it could be traced back due to his mistake in not using a proxy and hiding his IP address. Could also be traced handle/tag/nick (whatever you call it) if he got cocky and used that name.

I’m looking for research info for the purposes of a fictional novel and not sure if I’ve ended up in the right place. If not, I’m hoping someone could point me in the right direction.

I’m told that any system can be hacked into so based on that premise here is my scenario.Someone is hacking into an Alarm company system after they have installed alarm systems in homes or business then drops in a virus that tells the system if there is an emergency (fire, break in etc.) not to respond. After the system malfunctions same person drops in another virus to delete the first virus so there are no record of the malfunction.

Therefore, the system looks/appears to be fine and everyone at the alarm company scrambling trying to find the hacker.

Question:1) Is this scenario possible?2) If so, can someone give me a general idea of how it can be done? 3) What kind of educational background would someone need to do this?4) How would they catch the hacker?

Thanks....

This also depends on the communication channel the alarm software uses. Every alert system uses different means to contact the company, varying from an private telephone line, to a private network connection.

Most of the time, these alarms are set to go off if the software or settings are changed, or if the communications line is cut.

I would man in the middle the connection, by reverse engineering the software and finding where it dials to, then putting an inline device changing the alarm responses as they go across the wire...

Yup, it would depend on the ultimate goal. If you were doing it to compromise the security of a few or a single location, it would make more sense to tweak things at the site(s). If you were going to do this over many sites in order to do something like discredit the monitoring company, it would make more sense to go after the servers.